Affinity

4440 Cyber Security Architect

Affinity$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Cyber Security, Engineering, or related field.
  • Industry-recognized security credentials (CISSP, CISM, Security+, etc.).
  • AWS Certified Security - Specialty; Azure Security Engineer Associate.
  • Minimum six years of experience as a Cyber Security Architect/Engineer.
  • At least three years of experience securing enterprise cloud infrastructure.
  • Proficient with Infrastructure as Code security tools (Terraform, CloudFormation).
  • Experience scripting with Python, Bash, or PowerShell for automation.

Responsibilities

  • Develop technical solutions and new security tools to mitigate vulnerabilities.
  • Design secure cloud infrastructure blueprints for AWS and Azure.
  • Build automated security checks into deployment pipelines.
  • Implement continuous security monitoring, logging, and alerting systems.
  • Ensure cloud environments meet SOC2, ISO27001, and HIPAA standards.
  • Assist in incident response across various technologies, documenting recommendations.
  • Define Identity and Access Management policies and encryption standards.

Benefits

  • Comprehensive health insurance including medical, dental, and vision plans.
  • 401(k) retirement plan with company match.
  • Professional development opportunities and certifications support.
  • Generous paid time off (PTO) and holiday policy.
  • Flexible work environment and potential for remote work options.
Full Job Description
4440 Cyber Security Architect
4440 | Top Secret

Job Description:

OVERVIEW:

We are seeking a highly skilled Cyber Security Architect/Engineer to provide technical expertise, guidance, documentation, and recommendations for the following: Systems, networks, and cloud environments (i.e., AWS, Azure, etc.); Developing technical solutions and new security tools to help mitigate vulnerabilities; Performing vulnerability management assessments, penetration testing, and risk analysis to identify and remediate weaknesses; Automation and scripting using languages like Python, Bash, or PowerShell to automate repetitive security related tasks and building custom tools; Compliance and hardening ensuring systems meet industry and government standards and implementing system hardening protocols (e.g., DISA- STIGs) and; Providing mentorship to junior engineers and collaboration across cross-functional teams to integrate security into the software development lifecycle.

GENERAL DUTIES:

  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automating repeatable tasks
  • Design secure cloud infrastructure blueprints for AWS, Azure, etc.
  • Build automated security checks into deployment pipelines
  • Implement continuous security monitoring, logging, and alerting systems
  • Ensure cloud environments meet SOC2, ISO27001 and HIPPA standards
  • Assist security personnel in responding to incidents across a wide array of technologies, mitigating and containing impacts, coordinating remediation efforts, and documenting recommendations for improvement to include cloud specific security alerts and vulnerabilities
  • Define Identity and Access Management policies and encryption standards
  • Provide up-to-date reports on security incidents and task process
  • Maintain documentation to support security strategies for networks by outlining the requirements and benefits of specific security tools and/or solutions


REQUIRED QUALIFICATIONS:

  • A bachelor's degree from an accredited college or university in Computer Science, Cyber Security, Engineering, Cybersecurity, or related field.
  • Industry-recognized security credentials such as CISSP, CISM, Security+, CCSP, CSPM, and CNAPP, or similar certification.
  • AWS Certified Security - Specialty; Microsoft Certified: Azure Security Engineer Associate.
  • At least six (6) years of experience as a Cyber Security Architect/Engineer in a corporation, government, or commercial firm.
  • At least three years of experience securing enterprise cloud infrastructure (e.g., AWS, Azure, etc.)
  • Proficient with Infrastructure as Code security tools (Terraform, CloudFormation).
  • Ability to engineer and deploy security toolsets to include SIEM (Splunk), EDR (CarbonBlack), Vulnerability scanners (Nessus, Qualys) and analytics solutions (Elastic Stack (Elasticsearch, Logstash, Kibana - ELK), or similar).
  • Experience scripting with Python, Bash, or PowerShell for security automation.
  • Deep knowledge of networking protocols (TCP/IP, DNS, HTTP/HTTPS) and firewalls.
  • Proficiency in securing both Linux and Windows environments.
  • Experience with container security (Docker, Kubernetes) and cloud-native security tools.
  • Experience conducting security assessments, penetration testing and/or ethical hacking, and identifying and mitigating vulnerabilities.
  • Excellent analysis and critical thinking skills.
  • Exceptional leadership and organizational skills.
  • Experience working with technical teams in customer environments
  • Excellent oral and written communication skills.


DESIRED QUALIFICATIONS:

  • Architect and operate a hybrid SIEM stack spanning Microsoft Sentinel and Splunk Enterprise across on-prem, Azure, AWS; design ingestion pipelines (DCR/AMA, Splunk UF/HF/HEC), normalization with ASIM/CIM, and cross-workspace/cross-tenant event sharing.
  • Lead security architecture reviews and reference designs aligned to Zero Trust, NIST 800-53/207, CNSSI 1253; deliver threat models, control mappings, and security data flow diagrams for collection networks.
  • Build and maintain detections-as-code: author and version KQL/SPL analytics, watchlists, and entity behavior rules with MITRE ATT&CK coverage.
  • Administer a proactive threat-hunting program using KQL/SPL, Jupyter notebooks (MSTICPy), Sigma conversion, and purple-team ATT&CK emulations; convert hunt findings into resilient analytics and anomaly baselines.
  • Optimize telemetry governance and cost: table/namespace policies, retention tiers/archival, Splunk license and index strategy, Sentinel ingestion caps and data filters in addition to egress controls for sensitive / classified data.
  • Establish incident response operations and service level objectives: unify case management (Sentinel Incidents, Splunk ES Notables), evidence handling, post-incident reviews, and executive dashboards/metrics for readiness and dwell time.
  • Provide tiered platform support and enablement: backlog grooming, rule/playbook quality assurance, change control, analyst/admin training, and Authority-to-Operate/Risk Management Framework continuous monitoring package updates as required.


CLEARANCE:

  • Active Top Secret minimum clearance


Job Details

City : Quantico

State : VA

About Affinity

Affinity’s patented technology structures and analyzes millions of data points across emails, calendars, and third-party sources to offer users the tools they need to automatically manage their most valuable relationships, prioritize important connections, and discover untapped opportunities. Affinity uses artificial intelligence to analyze relationship strength and illuminate the best paths to warm introductions. The platform also offers a holistic view of users’ networks in a centralized, automatically updated database without any manual upkeep. Founded in 2014, Affinity is headquartered in San Francisco, California. Affinity has raised $120M to date and is backed by leading investors including Menlo Ventures, Advance Venture Partners, 8VC and MassMutual Ventures. It has over 2,700 customers in 70 countries, including venture capital firms such as Bain Capital Ventures and Kleiner Perkins, private equity firms such as SoftBank Group, investment bankers such as Woodside Capital Partners, financial services firms such as Fidelity Investments, real estate companies such as Tishman Speyer, insurers such as American Family Insurance and enterprises such as Nike, Qualcomm and Twilio. Affinity has been named in Fortune Magazine's Best Workplaces, Inc. Magazine's Best Workplaces and editor's number one pick, the Data Breakthrough Award, BIG Innovation Award and others.
Learn more about Affinity
Size
1,000 employees
Industry
Founded
2014

Similar Jobs

More Jobs at Affinity

  • Affinity
    4378 Program Manager
    $90K — $130K *
    Washington, DC 20011 (District Of Columbia County)
    Aerospace & Defense
    In-Person
  • New Jersey Transit
    4296 Linux Systems Administrator
    $90K — $120K *
    Chantilly, VA 20152 (Loudoun County)
    Information Technology
    In-Person
  • New Jersey Transit
    4384 Budget Analyst
    $80K — $110K *
    Washington, DC 20011 (District Of Columbia County)
    Finance & Insurance
    In-Person
  • Affinity
    4445 Scrum Master
    $90K — $120K *
    Hanover, MD 21076 (Howard County)
    Education, Government & Non-Profit
    In-Person
  • New Jersey Transit
    4313 ServiceNow Developer
    $100K — $130K *
    Sterling, VA 20164 (Loudoun County)
    Information Technology
    In-Person

More Information Technology Jobs

Find similar 4440 Cyber Security Architect jobs: